O/S : CentOS 7.x 64bit
APACHE : 2.4.39 ( HTTP/2 support / TLS 1.3 support )
PHP : 7.4.8
MariaDB : mariadb 10.4.14
1. Install MariaDB: add the yum repo, then install

    [root@localhost ~]# vi /etc/yum.repos.d/MariaDB.repo

    # add
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.4/centos7-amd64
    gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck = 1
2. Install mariadb 10.4.14 with yum

    [root@localhost ~]# yum -y install MariaDB
3. MariaDB is now installed and only needs to be started, but every user keeps mysql in a different directory, so let's set the path explicitly.
If you start it right away, the default path is /var/lib/mysql.
We will install into /home/mysql_data, then change the ownership afterwards.

    ### To place the data directory at /home/mysql_data, use the following command
    [root@localhost ~]# mysql_install_db --datadir=/home/mysql_data

    [root@localhost ~]# ls -l /home/mysql_data/
    -rw-rw---- 1 root root     24576  8월 14 16:03 aria_log.00000001
    -rw-rw---- 1 root root        52  8월 14 16:03 aria_log_control
    -rw-rw---- 1 root root       972  8월 14 16:03 ib_buffer_pool
    -rw-rw---- 1 root root 134217728  8월 14 16:03 ib_logfile0
    -rw-rw---- 1 root root 134217728  8월 14 16:03 ib_logfile1
    -rw-rw---- 1 root root 134217728  8월 14 16:03 ib_logfile2
    -rw-rw---- 1 root root  77594624  8월 14 16:03 ibdata1
    drwx------ 2 root root      4096  8월 14 16:03 mysql
    drwx------ 2 root root        20  8월 14 16:03 performance_schema
    drwx------ 2 root root        20  8월 14 16:03 test
4. The database files are owned by user root, so change the owner to mysql and repoint the home directory

    [root@localhost ~]# chown -R mysql:mysql /home/mysql_data/

    [root@localhost ~]# mv /var/lib/mysql /var/lib/mysql.old

    [root@localhost ~]# ln -s /home/mysql_data /var/lib/mysql

    [root@localhost ~]# chown -h mysql:mysql /var/lib/mysql
Starting the service at this point can still fail, because the unit's ProtectHome=true setting hides /home from mysqld. Open the unit file, change ProtectHome to false, and reload systemd.

    [root@localhost lib]# vi /usr/lib/systemd/system/mariadb.service

    #ProtectHome=true
    ProtectHome=false
Reload systemd

    [root@localhost lib]# systemctl daemon-reload
5. Several default settings are changed for our use, so edit /etc/my.cnf.d/server.cnf as follows.
Default engine: MyISAM. To use InnoDB instead, see the server.cnf in step 6.

    [server]

    [mysqld]
    bind-address=0.0.0.0
    skip-external-locking
    key_buffer_size = 384M
    max_allowed_packet = 512M
    table_open_cache = 2048
    sort_buffer_size = 2M
    read_buffer_size = 2M
    read_rnd_buffer_size = 8M
    myisam_sort_buffer_size = 64M
    thread_cache_size = 8

    ###datadir
    datadir=/home/mysql_data

    #dns query
    skip-name-resolve

    #connection
    max_connections = 1000
    max_connect_errors = 1000
    wait_timeout= 60

    #slow-queries
    #slow_query_log = /var/lib//mysql/slow-queries.log
    #long_query_time = 3
    #log-slow-queries = /var/lib/mysql/mysql-slow-queries.log

    ##timestamp
    explicit_defaults_for_timestamp

    symbolic-links=0

    ###character
    character-set-client-handshake=FALSE
    init_connect = SET collation_connection = utf8_general_ci
    init_connect = SET NAMES utf8
    character-set-server = utf8
    collation-server = utf8_general_ci

    ### MyISAM Specific options
    default-storage-engine = myisam
    key_buffer_size = 32M
    bulk_insert_buffer_size = 64M
    myisam_sort_buffer_size = 128M
    myisam_max_sort_file_size = 10G
    myisam_repair_threads = 1

    ### INNODB Specific options
    #default-storage-engine = InnoDB
    skip-innodb
    #innodb_additional_mem_pool_size = 16M
    #innodb_buffer_pool_size = 1024MB
    #innodb_data_file_path = ibdata1:10M:autoextend
    #innodb_write_io_threads = 8
    #innodb_read_io_threads = 8
    #innodb_thread_concurrency = 16
    #innodb_flush_log_at_trx_commit = 1
    #innodb_log_buffer_size = 8M
    #innodb_log_file_size = 128M
    #innodb_log_files_in_group = 3
    #innodb_max_dirty_pages_pct = 90
    #innodb_lock_wait_timeout = 120

    [mysqldump]
    #default-character-set = utf8
    max_allowed_packet = 512M

    [myisamchk]
    key_buffer_size = 512M
    sort_buffer_size = 512M
    read_buffer = 8M
    write_buffer = 8M

    #
    # * Galera-related settings
    #
    [galera]
    # Mandatory settings
    #wsrep_on=ON
    #wsrep_provider=
    #wsrep_cluster_address=
    #binlog_format=row
    #default_storage_engine=InnoDB
    #innodb_autoinc_lock_mode=2

    # Optional setting
    #wsrep_slave_threads=1
6. Several default settings are changed for our use, so edit /etc/my.cnf.d/server.cnf as follows.
Default engine: InnoDB

    [server]

    [mysqld]
    bind-address=0.0.0.0
    skip-external-locking
    key_buffer_size = 384M
    max_allowed_packet = 512M
    table_open_cache = 2048
    sort_buffer_size = 2M
    read_buffer_size = 2M
    read_rnd_buffer_size = 8M
    myisam_sort_buffer_size = 64M
    thread_cache_size = 8

    ###datadir
    datadir=/home/mysql_data

    #dns query
    skip-name-resolve
    sql_mode=NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

    #connection
    max_connections = 1000
    max_connect_errors = 1000
    wait_timeout= 60

    #slow-queries
    #slow_query_log = /var/lib//mysql/slow-queries.log
    #long_query_time = 3
    #log-slow-queries = /var/lib/mysql/mysql-slow-queries.log

    ##timestamp
    explicit_defaults_for_timestamp
    sql_mode=NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

    #symbolic-links=0

    ###character
    character-set-client-handshake=FALSE
    init_connect = SET collation_connection = utf8_general_ci
    init_connect = SET NAMES utf8
    character-set-server = utf8
    collation-server = utf8_general_ci

    ### MyISAM Specific options
    #default-storage-engine = myisam
    key_buffer_size = 32M
    bulk_insert_buffer_size = 64M
    myisam_sort_buffer_size = 128M
    myisam_max_sort_file_size = 10G
    myisam_repair_threads = 1

    ### INNODB Specific options
    default-storage-engine = InnoDB
    #skip-innodb
    #innodb_additional_mem_pool_size = 16M
    innodb_buffer_pool_size = 1024MB
    innodb_data_file_path = ibdata1:10M:autoextend
    innodb_write_io_threads = 8
    innodb_read_io_threads = 8
    innodb_thread_concurrency = 16
    innodb_flush_log_at_trx_commit = 1
    innodb_log_buffer_size = 8M
    innodb_log_file_size = 128M
    innodb_log_files_in_group = 3
    innodb_max_dirty_pages_pct = 90
    innodb_lock_wait_timeout = 120

    [mysqldump]
    #default-character-set = utf8
    max_allowed_packet = 512M

    [myisamchk]
    key_buffer_size = 512M
    sort_buffer_size = 512M
    read_buffer = 8M
    write_buffer = 8M

    #
    # * Galera-related settings
    #
    [galera]
    # Mandatory settings
    #wsrep_on=ON
    #wsrep_provider=
    #wsrep_cluster_address=
    #binlog_format=row
    #default_storage_engine=InnoDB
    #innodb_autoinc_lock_mode=2

    # Optional setting
    #wsrep_slave_threads=1
7. Now start mysql (mariadb)

    [root@localhost ~]# systemctl start mariadb
8. Connect to mysql and check the environment

    [root@localhost ~]# mysql
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 3
    Server version: 10.4.14-MariaDB MariaDB Server

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> \s
    --------------
    mysql Ver 15.1 Distrib 10.4.14-MariaDB, for Linux (x86_64) using readline 5.1

    Connection id:          3
    Current database:
    Current user:           root@localhost
    SSL:                    Not in use
    Current pager:          stdout
    Using outfile:          ''
    Using delimiter:        ;
    Server:                 MariaDB
    Server version:         10.4.14-MariaDB MariaDB Server
    Protocol version:       10
    Connection:             Localhost via UNIX socket
    Server characterset:    utf8
    Db characterset:        utf8
    Client characterset:    utf8
    Conn. characterset:     utf8
    UNIX socket:            /var/lib/mysql/mysql.sock
    Uptime:                 38 sec

    Threads: 2 Questions: 4 Slow queries: 0 Opens: 16 Flush tables: 1 Open tables: 9 Queries per second avg: 0.105
    --------------

    MariaDB [(none)]>
    MariaDB [(none)]>
    MariaDB [(none)]> SHOW VARIABLES LIKE 'max%';
    +----------------------------+----------------------+
    | Variable_name              | Value                |
    +----------------------------+----------------------+
    | max_allowed_packet         | 536870912            |
    | max_binlog_cache_size      | 18446744073709547520 |
    | max_binlog_size            | 1073741824           |
    | max_binlog_stmt_cache_size | 18446744073709547520 |
    | max_connect_errors         | 1000                 |
    | max_connections            | 1000                 |
    | max_delayed_threads        | 20                   |
    | max_digest_length          | 1024                 |
    | max_error_count            | 64                   |
    | max_heap_table_size        | 16777216             |
    | max_insert_delayed_threads | 20                   |
    | max_join_size              | 18446744073709551615 |
    | max_length_for_sort_data   | 1024                 |
    | max_long_data_size         | 536870912            |
    | max_password_errors        | 4294967295           |
    | max_prepared_stmt_count    | 16382                |
    | max_recursive_iterations   | 4294967295           |
    | max_relay_log_size         | 1073741824           |
    | max_rowid_filter_size      | 131072               |
    | max_seeks_for_key          | 4294967295           |
    | max_session_mem_used       | 9223372036854775807  |
    | max_sort_length            | 1024                 |
    | max_sp_recursion_depth     | 0                    |
    | max_statement_time         | 0.000000             |
    | max_tmp_tables             | 32                   |
    | max_user_connections       | 0                    |
    | max_write_lock_count       | 4294967295           |
    +----------------------------+----------------------+
    27 rows in set (0.002 sec)
9. Configure the daemon to start automatically on reboot or whenever the server starts

    [root@localhost ~]# systemctl enable mariadb
10. Before installing APACHE 2.4.43, the packages it needs must be installed first:
apr 1.7 / apr-util 1.6.1 / openssl 1.1.1 or later (TLS 1.3 support) / nghttp2 (HTTP/2 support) / brotli 1.0.7 (image compression technology)
In addition, install the required packages with yum.

    [root@localhost ~]# yum -y install wget perl perl-core zlib-devel gcc gcc-c++ \
    cmake git automake autoconf libtool \
    pcre-devel libxml2-devel openssl-devel expat-devel curl-devel
11. APR 1.7 install

    [root@localhost ~]# wget http://apache.mirror.cdnetworks.com//apr/apr-1.7.0.tar.gz

    [root@localhost ~]# tar xvfz apr-1.7.0.tar.gz

    [root@localhost ~]# cd apr-1.7.0

    [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr

    # If the error "rm: cannot remove 'libtoolT': No such file or directory" occurs
    [root@localhost apr-1.7.0]# cp -a libtool libtoolT

    [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr

    [root@localhost apr-1.7.0]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost apr-1.7.0]# make install
apr-util 1.6.1

    [root@localhost apr-1.7.0]# cd /root

    [root@localhost ~]# wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.bz2

    [root@localhost ~]# tar -xvjf apr-util-1.6.1.tar.bz2

    [root@localhost ~]# cd apr-util-1.6.1

    [root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr/ --with-apr=/usr/local/apr/

    [root@localhost apr-util-1.6.1]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost apr-util-1.6.1]# make install
openssl 1.1.1g install

    [root@localhost ~]# wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

    [root@localhost ~]# tar xvfz openssl-1.1.1g.tar.gz

    [root@localhost ~]# cd openssl-1.1.1g

    [root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/openssl shared zlib-dynamic

    [root@localhost openssl-1.1.1g]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost openssl-1.1.1g]# make install

    [root@localhost openssl-1.1.1g]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf.d/openssl.conf

    [root@localhost openssl-1.1.1g]# ldconfig

    [root@localhost openssl-1.1.1g]# mv /usr/bin/openssl /usr/bin/openssl.old

    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/bin/openssl /usr/bin/
Check that openssl supports TLS 1.3

    [root@localhost openssl-1.1.1g]# openssl ciphers -v | grep TLSv1.3
    TLS_AES_256_GCM_SHA384        TLSv1.3 Kx=any Au=any Enc=AESGCM(256)            Mac=AEAD
    TLS_CHACHA20_POLY1305_SHA256  TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
    TLS_AES_128_GCM_SHA256        TLSv1.3 Kx=any Au=any Enc=AESGCM(128)            Mac=AEAD
nghttp2 install

    [root@localhost ~]# cd /root

    [root@localhost ~]# yum install libev-devel python-devel c-ares-devel jemalloc-devel jansson-devel CUnit-devel cmake

    [root@localhost ~]# wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz

    [root@localhost ~]# tar xvfz nghttp2-1.34.0.tar.gz

    [root@localhost ~]# cd nghttp2-1.34.0

    [root@localhost nghttp2-1.34.0]# OPENSSL_CFLAGS="-I/usr/local/openssl/include" OPENSSL_LIBS="-L/usr/local/openssl/lib -lssl -lcrypto" ./configure --prefix=/usr/local/nghttp2 --with-boost

    [root@localhost nghttp2-1.34.0]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost nghttp2-1.34.0]# make install
brotli 1.0.7 install

    [root@localhost ~]# cd /root

    [root@localhost ~]# wget https://github.com/google/brotli/archive/v1.0.7.tar.gz

    [root@localhost ~]# tar xvfz v1.0.7.tar.gz

    [root@localhost ~]# cd brotli-1.0.7/

    [root@localhost brotli-1.0.7]# mkdir out && cd out

    [root@localhost out]# ../configure-cmake --prefix=/usr/local/brotli

    [root@localhost out]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost out]# make install
12. Download and install httpd

    [root@localhost ~]# wget http://apache.mirror.cdnetworks.com//httpd/httpd-2.4.43.tar.gz

    [root@localhost ~]# tar xvfz httpd-2.4.43.tar.gz

    [root@localhost ~]# cd httpd-2.4.43

    [root@localhost httpd-2.4.43]# ./configure --prefix=/usr/local/apache \
    --enable-so \
    --enable-unique-id \
    --enable-http2 \
    --enable-brotli \
    --enable-deflate \
    --enable-ssl \
    --with-brotli=/usr/local/brotli \
    --with-ssl=/usr/local/openssl \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr \
    --with-pcre \
    --with-curl \
    --with-nghttp2=/usr/local/nghttp2 \
    --enable-mods-shared=all \
    --enable-mpms-shared=all

    [root@localhost httpd-2.4.43]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost httpd-2.4.43]# make install
13. Edit the envvars file (change it for brotli)

    [root@localhost httpd-2.4.43]# vi /usr/local/apache/bin/envvars

    # edit
    if test "x$LD_LIBRARY_PATH" != "x" ; then
      LD_LIBRARY_PATH="/usr/local/brotli/lib/:$LD_LIBRARY_PATH"
    else
      LD_LIBRARY_PATH="/usr/local/brotli/lib/"
    fi
    export LD_LIBRARY_PATH
14. mod_url install

    [root@localhost httpd-2.4.43]# cd /root

    [root@localhost ~]# wget http://jini.kldp.net/modurl/release/2186-mod_url-apache2-1.6.2.6.tar.bz2

    [root@localhost ~]# tar xvfj 2186-mod_url-apache2-1.6.2.6.tar.bz2

    [root@localhost ~]# cd mod_url-apache2/

    [root@localhost mod_url-apache2]# /usr/local/apache/bin/apxs -iac mod_url.c
15. Copy the httpd.conf file as a backup, then edit it as shown below

    [root@localhost mod_url-apache2]# cp -a /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.ori

    [root@localhost mod_url-apache2]# vi /usr/local/apache/conf/httpd.conf

    ServerRoot "/usr/local/apache"

    Listen 80

    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule mpm_event_module modules/mod_mpm_event.so
    #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    #LoadModule mpm_worker_module modules/mod_mpm_worker.so
    LoadModule authn_file_module modules/mod_authn_file.so
    #LoadModule authn_dbm_module modules/mod_authn_dbm.so
    #LoadModule authn_anon_module modules/mod_authn_anon.so
    #LoadModule authn_dbd_module modules/mod_authn_dbd.so
    #LoadModule authn_socache_module modules/mod_authn_socache.so
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    #LoadModule authz_dbm_module modules/mod_authz_dbm.so
    #LoadModule authz_owner_module modules/mod_authz_owner.so
    #LoadModule authz_dbd_module modules/mod_authz_dbd.so
    LoadModule authz_core_module modules/mod_authz_core.so
    LoadModule access_compat_module modules/mod_access_compat.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    #LoadModule auth_form_module modules/mod_auth_form.so
    #LoadModule auth_digest_module modules/mod_auth_digest.so
    #LoadModule allowmethods_module modules/mod_allowmethods.so
    #LoadModule file_cache_module modules/mod_file_cache.so
    #LoadModule cache_module modules/mod_cache.so
    #LoadModule cache_disk_module modules/mod_cache_disk.so
    #LoadModule cache_socache_module modules/mod_cache_socache.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    #LoadModule socache_dbm_module modules/mod_socache_dbm.so
    #LoadModule socache_memcache_module modules/mod_socache_memcache.so
    #LoadModule socache_redis_module modules/mod_socache_redis.so
    LoadModule watchdog_module modules/mod_watchdog.so
    #LoadModule macro_module modules/mod_macro.so
    #LoadModule dbd_module modules/mod_dbd.so
    #LoadModule dumpio_module modules/mod_dumpio.so
    #LoadModule echo_module modules/mod_echo.so
    #LoadModule buffer_module modules/mod_buffer.so
    #LoadModule data_module modules/mod_data.so
    #LoadModule ratelimit_module modules/mod_ratelimit.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    #LoadModule ext_filter_module modules/mod_ext_filter.so
    #LoadModule request_module modules/mod_request.so
    #LoadModule include_module modules/mod_include.so
    LoadModule filter_module modules/mod_filter.so
    #LoadModule reflector_module modules/mod_reflector.so
    #LoadModule substitute_module modules/mod_substitute.so
    #LoadModule sed_module modules/mod_sed.so
    #LoadModule charset_lite_module modules/mod_charset_lite.so
    #LoadModule deflate_module modules/mod_deflate.so
    #LoadModule xml2enc_module modules/mod_xml2enc.so
    #LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule brotli_module modules/mod_brotli.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule log_config_module modules/mod_log_config.so
    #LoadModule log_debug_module modules/mod_log_debug.so
    #LoadModule log_forensic_module modules/mod_log_forensic.so
    #LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    #LoadModule mime_magic_module modules/mod_mime_magic.so
    #LoadModule expires_module modules/mod_expires.so
    LoadModule headers_module modules/mod_headers.so
    #LoadModule usertrack_module modules/mod_usertrack.so
    #LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    #LoadModule remoteip_module modules/mod_remoteip.so
    #LoadModule proxy_module modules/mod_proxy.so
    #LoadModule proxy_connect_module modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    #LoadModule proxy_http_module modules/mod_proxy_http.so
    #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
    #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
    #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
    #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    #LoadModule proxy_express_module modules/mod_proxy_express.so
    #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
    #LoadModule session_module modules/mod_session.so
    #LoadModule session_cookie_module modules/mod_session_cookie.so
    #LoadModule session_dbd_module modules/mod_session_dbd.so
    #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    LoadModule ssl_module modules/mod_ssl.so
    #LoadModule dialup_module modules/mod_dialup.so
    LoadModule http2_module modules/mod_http2.so
    #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
    #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
    #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
    #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
    LoadModule unixd_module modules/mod_unixd.so
    #LoadModule heartbeat_module modules/mod_heartbeat.so
    #LoadModule heartmonitor_module modules/mod_heartmonitor.so
    #LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    #LoadModule asis_module modules/mod_asis.so
    #LoadModule info_module modules/mod_info.so
    #LoadModule cgid_module modules/mod_cgid.so
    #LoadModule dav_fs_module modules/mod_dav_fs.so
    #LoadModule dav_lock_module modules/mod_dav_lock.so
    #LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    #LoadModule actions_module modules/mod_actions.so
    #LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule redurl_module modules/mod_url.so

    <IfModule unixd_module>
    User nobody
    Group nobody
    </IfModule>

    ServerAdmin you@example.com

    ServerName localhost:80

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>

    DocumentRoot "/usr/local/apache/htdocs"
    <Directory "/usr/local/apache/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <IfModule dir_module>
        DirectoryIndex index.html index.php index.htm
    </IfModule>

    <Files ".ht*">
        Require all denied
    </Files>

    ErrorLog "logs/error_log"

    LogLevel warn

    <IfModule log_config_module>
        # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        # LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{MM_COUNTRY_CODE}e" combined

        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>

        CustomLog "logs/access_log" combined
    </IfModule>

    <IfModule alias_module>
        #ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
    </IfModule>

    <IfModule cgid_module>
    </IfModule>

    #<Directory "/usr/local/apache/cgi-bin">
    #    AllowOverride None
    #    Options None
    #    Require all granted
    #</Directory>

    <IfModule headers_module>
        RequestHeader unset Proxy early
    </IfModule>

    <IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/x-gzip .tgz
        AddEncoding x-compress .Z
        AddEncoding x-gzip .gz .tgz
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType application/x-httpd-php .php4 .php .html .htm .inc
        AddType application/x-httpd-php-source .phps
        AddHandler cgi-script .cgi
        AddHandler type-map var
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
    </IfModule>

    #MIMEMagicFile conf/magic

    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://www.example.com/subscription_info.html

    #MaxRanges unlimited

    #EnableMMAP off
    #EnableSendfile on

    Include conf/extra/httpd-mpm.conf

    # Multi-language error messages
    Include conf/extra/httpd-multilang-errordoc.conf

    # Fancy directory listings
    #Include conf/extra/httpd-autoindex.conf

    # Language settings
    Include conf/extra/httpd-languages.conf

    # User home directories
    Include conf/extra/httpd-userdir.conf

    # Real-time info on requests and configuration
    #Include conf/extra/httpd-info.conf

    # Virtual hosts
    Include conf/extra/httpd-vhosts.conf

    # Local access to the Apache HTTP Server Manual
    #Include conf/extra/httpd-manual.conf

    # Distributed authoring and versioning (WebDAV)
    #Include conf/extra/httpd-dav.conf

    # Various default settings
    Include conf/extra/httpd-default.conf

    # Configure mod_proxy_html to understand HTML4/XHTML1
    <IfModule proxy_html_module>
    #Include conf/extra/proxy-html.conf
    </IfModule>

    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>

    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
Add the following to the language settings file

    [root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-languages.conf

    ## add
    AddLanguage ko .ko
Edit httpd-default.conf

    [root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-default.conf

    Timeout 60
    KeepAlive On
    MaxKeepAliveRequests 300
    KeepAliveTimeout 2
    UseCanonicalName Off
    AccessFileName .htaccess
    ServerTokens Prod
    ServerSignature Off
    HostnameLookups Off
    <IfModule reqtimeout_module>
      RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
    </IfModule>
Edit httpd-userdir.conf

    [root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-userdir.conf

    UserDir html
    <Directory "/home/*/html">
        AllowOverride FileInfo AuthConfig Limit Options
        Require method GET POST
        Options MultiViews SymLinksIfOwnerMatch IncludesNoExec
    </Directory>
16. Register the systemd unit file (service management)

    [root@localhost ~]# vi /usr/lib/systemd/system/httpd.service

    [Unit]
    Description=The Apache HTTP Server
    After=network.target remote-fs.target nss-lookup.target
    Documentation=man:httpd.service(8)

    [Service]
    Type=forking
    ExecStart=/usr/local/apache/bin/apachectl start
    ExecReload=/usr/local/apache/bin/apachectl graceful
    ExecStop=/usr/local/apache/bin/apachectl stop

    [Install]
    WantedBy=multi-user.target
17. Enable and start the service

    ### reload the daemon configuration
    [root@localhost ~]# systemctl daemon-reload

    ### enable httpd
    [root@localhost ~]# systemctl enable httpd.service

    ### start httpd
    [root@localhost ~]# systemctl start httpd.service
18. Create an SSL key and CSR to test that TLS 1.3 and HTTP/2 work correctly (test domain: tlstest2.xinet.kr)

    [root@localhost ~]# mkdir /usr/local/apache/conf/ssl

    [root@localhost ~]# cd /usr/local/apache/conf/ssl

    [root@localhost ssl]# openssl genrsa -des3 -out tlstest2.xinet.kr.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    .....................................................................................+++++
    .......+++++
    e is 65537 (0x010001)
    Enter pass phrase for tlstest2.xinet.kr.key:
    Verifying - Enter pass phrase for tlstest2.xinet.kr.key:

    [root@localhost ssl]# openssl req -new -key tlstest2.xinet.kr.key -out tlstest2.xinet.kr.csr
    Enter pass phrase for phptest.xinet.kr.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:KR
    State or Province Name (full name) [Some-State]:Gyeonggi-do
    Locality Name (eg, city) []:Gwangmyeong-si
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:xinet
    Organizational Unit Name (eg, section) []:se
    Common Name (e.g. server FQDN or YOUR name) []:tlstest2.xinet.kr
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
19. Once the certificate has been issued, register it in httpd-ssl.conf

    [root@localhost logs]# vi /usr/local/apache/conf/extra/httpd-ssl.conf

    Listen 443
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/run/httpd/sslcache(1024000)"
    SSLSessionCacheTimeout 3600
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin
    SSLStrictSNIVHostCheck off

    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite "TLS_AES_128_GCM_SHA256 \
    TLS_AES_256_GCM_SHA384 \
    TLS_CHACHA20_POLY1305_SHA256 \
    ECDHE-ECDSA-AES128-GCM-SHA256 \
    ECDHE-ECDSA-AES256-GCM-SHA384 \
    ECDHE-ECDSA-AES128-SHA \
    ECDHE-ECDSA-AES256-SHA \
    ECDHE-ECDSA-AES128-SHA256 \
    ECDHE-ECDSA-AES256-SHA384 \
    ECDHE-RSA-AES128-GCM-SHA256 \
    ECDHE-RSA-AES256-GCM-SHA384 \
    ECDHE-RSA-AES128-SHA \
    ECDHE-RSA-AES256-SHA \
    ECDHE-RSA-AES128-SHA256 \
    ECDHE-RSA-AES256-SHA384 \
    DHE-RSA-AES128-GCM-SHA256 \
    DHE-RSA-AES256-GCM-SHA384 \
    DHE-RSA-AES128-SHA \
    DHE-RSA-AES256-SHA \
    DHE-RSA-AES128-SHA256 \
    DHE-RSA-AES256-SHA256 \
    EDH-RSA-DES-CBC3-SHA"
    SSLHonorCipherOrder on
    SSLCompression off

    SSLUseStapling On
    SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000)

    <VirtualHost *:443>
        DocumentRoot /home/ssltest/html
        ServerName tlstest2.xinet.kr
        SSLEngine on
        Protocols h2 http/1.1

        SetOutputFilter BROTLI_COMPRESS;DEFLATE
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip no-brotli dont-vary

        Header always set Strict-Transport-Security "max-age=31536000"

        SSLCertificateFile /usr/local/apache/conf/ssl/tlstest2.xinet.kr.crt
        SSLCertificateKeyFile /usr/local/apache/conf/ssl/tlstest2.xinet.kr.key
        SSLCertificateChainFile /usr/local/apache/conf/ssl/EncryptionEverywhereDVCA.crt
        SSLCACertificateFile /usr/local/apache/conf/ssl/DigiCertRoot2.crt.cer

        CustomLog "logs/access_log" combined
    </VirtualHost>
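
The cipher list in httpd-ssl.conf mixes AEAD suites with CBC-mode suites and one 3DES suite (EDH-RSA-DES-CBC3-SHA). The script below is an added example, not part of the original post: it classifies each suite by its OpenSSL name and prints `SSLCipherSuite` lines that keep only the TLS 1.3 and AEAD entries, using mod_ssl's `SSLCipherSuite TLSv1.3 ...` form for the TLS 1.3 names. The function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit an Apache SSLCipherSuite value by OpenSSL suite name.
# It only inspects names; it does not contact a server or call openssl.

# Cipher list from the httpd-ssl.conf on this page (line continuations removed).
PAGE_SUITES="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256
EDH-RSA-DES-CBC3-SHA"

# classify_suite NAME -> tls13 | aead | cbc | 3des | weak
classify_suite() {
    case "$1" in
        TLS_*)                               echo tls13 ;;  # TLS 1.3 suite names
        *DES-CBC3*)                          echo 3des ;;   # triple DES
        *RC4*|*NULL*|EXP*|*MD5*|*DES-CBC-*)  echo weak ;;   # RC4, no encryption, export, MD5, single DES
        *GCM*|*CHACHA20*|*CCM*)              echo aead ;;   # authenticated encryption
        *)                                   echo cbc ;;    # the remaining AES-...-SHA* names are CBC mode
    esac
}

# split_suites LIST -> one name per line; accepts spaces, colons, commas,
# quotes and the backslash continuations used in the config file.
split_suites() {
    printf '%s\n' "$1" | tr -s ' :,\\"\t' '\n' | sed '/^$/d'
}

# flagged LIST -> "class name" for every suite that is neither tls13 nor aead
flagged() (
    for s in $(split_suites "$1"); do
        c=$(classify_suite "$s")
        case "$c" in
            tls13|aead) ;;
            *) printf '%s %s\n' "$c" "$s" ;;
        esac
    done
)

# join_class LIST CLASS -> colon-joined suites of that class, original order
join_class() (
    out=""
    for s in $(split_suites "$1"); do
        if [ "$(classify_suite "$s")" = "$2" ]; then
            out="${out:+$out:}$s"
        fi
    done
    printf '%s\n' "$out"
)

# suggest_directives LIST -> SSLCipherSuite lines with only TLS 1.3 and AEAD suites
suggest_directives() (
    t13=$(join_class "$1" tls13)
    t12=$(join_class "$1" aead)
    if [ -n "$t13" ]; then printf 'SSLCipherSuite TLSv1.3 %s\n' "$t13"; fi
    if [ -n "$t12" ]; then printf 'SSLCipherSuite %s\n' "$t12"; fi
)

# Report for the page's list.
echo "Suites to review:"
flagged "$PAGE_SUITES"
echo "Suggested directives:"
suggest_directives "$PAGE_SUITES"
```

Clients that cannot negotiate an AEAD suite would fail to connect with the trimmed list, so check the access log for such clients before removing the CBC entries.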
Uncomment the ssl.conf include (httpd.conf)

    [root@localhost ssl]# vi /usr/local/apache/conf/httpd.conf

    # uncomment
    # Secure (SSL/TLS) connections
    Include conf/extra/httpd-ssl.conf
Restart the web server

    [root@localhost ~]# systemctl restart httpd
Confirm TLS 1.3 support
Confirm HTTP/2 support
Confirm in the web log
20. Install PHP 7.4.8 (libzip must be installed first: the version installed by default is 0.10, and PHP 7.4.8 requires libzip 0.11)

    [root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-0.11.2-6.el7.psychotic.x86_64.rpm

    [root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-devel-0.11.2-6.el7.psychotic.x86_64.rpm

    [root@localhost ~]# rpm -Uvh libzip-*
21. Install the packages PHP needs with yum before building it

    [root@localhost ~]# yum -y install bison re2c libcurl-devel bzip2-devel gd-devel gmp-devel libc-client-devel \
    libicu-devel libtidy-devel libxslt-devel zlib-devel libwebp-devel e2fsprogs-devel krb5-devel libidn-devel \
    libtermcap libtermcap-devel gdbm-devel zlib* libxml* freetype* libpng* libjpeg* gd gd-devel \
    mhash mhash-devel enchant-devel enchant netpbm* libxslt* gmp gmp-devel systemd-devel \
    readline readline-devel sqlite-devel oniguruma-devel openldap-devel
22. Download and install PHP 7.4.8 (installed as an Apache module, libphp7.so)

    [root@localhost ~]# wget https://www.php.net/distributions/php-7.4.8.tar.gz

    # the archive is gzip-compressed, so extract with z (not j)
    [root@localhost ~]# tar xvfz php-7.4.8.tar.gz

    [root@localhost ~]# cd php-7.4.8

    [root@localhost php-7.4.8]# ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-config-file-path=/usr/local/apache/conf \
    --with-config-file-scan-dir=/usr/local/apache/conf \
    --with-openssl=/usr/local/openssl \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mysqli \
    --with-pdo-mysql \
    --with-libdir=lib64 \
    --with-enchant \
    --with-gettext \
    --with-freetype \
    --with-jpeg \
    --with-webp \
    --with-xpm \
    --with-zlib \
    --with-gmp \
    --with-iconv \
    --with-gdbm \
    --with-bz2 \
    --with-curl \
    --with-mhash \
    --with-xsl \
    --with-readline \
    --with-curl \
    --with-pear \
    --with-gettext \
    --with-xmlrpc \
    --with-ldap \
    --with-zip \
    --with-libxml \
    --enable-mysqlnd \
    --enable-bcmath \
    --enable-gd \
    --enable-sockets \
    --enable-pcntl \
    --enable-ftp \
    --enable-bcmath \
    --enable-mbstring \
    --enable-calendar \
    --enable-simplexml \
    --enable-json \
    --enable-session \
    --enable-soap \
    --enable-xml \
    --enable-opcache \
    --enable-intl \
    --enable-cli \
    --enable-maintainer-zts \
    --enable-debug \
    --enable-mbregex \
    --enable-dba \
    --enable-litespeed \
    --enable-shmop \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-sysvmsg \
    --enable-exif

    [root@localhost php-7.4.8]# make -j `grep processor /proc/cpuinfo | wc -l`

    [root@localhost php-7.4.8]# make install
23. Copy and edit the php.ini configuration file
[root@localhost php-7.4.8]# cp -a php.ini-development /usr/local/apache/conf/php.ini
[root@localhost php-7.4.8]# vi /usr/local/apache/conf/php.ini
short_open_tag = On
date.timezone = "Asia/Seoul"
error_reporting = "E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED"
upload_max_filesize = 12M
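php.ini-development, copied above, turns display_errors and display_startup_errors on, so PHP error text is rendered into the responses the server sends. The check below is an added example, not part of the original post; the function names and the list of expected values are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report php.ini directives that
# are still at development-style values. The expected values below are this
# example's assumptions for a public server; edit the list to suit the site.
PHP_INI_EXPECT='display_errors=Off
display_startup_errors=Off
expose_php=Off'

# ini_get FILE KEY: print the value of the last uncommented assignment of KEY.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*(;|\[)/ { next }                 # comments and [section] lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # surrounding blanks and quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_php_ini FILE: print one line per mismatch; return 1 if any was found.
audit_php_ini() {
    bad=0
    for pair in $PHP_INI_EXPECT; do
        key=${pair%%=*}
        want=$(printf %s "${pair#*=}" | tr 'A-Z' 'a-z')
        got=$(ini_get "$1" "$key" | tr 'A-Z' 'a-z')
        # php.ini accepts several spellings of a boolean
        case $got in 0|false|no|none) got=off ;; 1|true|yes) got=on ;; esac
        if [ "$got" != "$want" ]; then
            echo "$key = ${got:-<unset>} (expected $want)"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use on the server built above:
#   audit_php_ini /usr/local/apache/conf/php.ini
```
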
24. Create a symbolic link to php in /usr/bin
[root@localhost php-7.4.8]# ln -s /usr/local/php/bin/php /usr/bin/php
[root@localhost php-7.4.8]# php -v
PHP 7.3.8 (cli) (built: Aug 9 2019 16:55:10) ( ZTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.8, Copyright (c) 1998-2018 Zend Technologies
25. Because PHP was installed as an Apache module, edit httpd.conf (add index.php to DirectoryIndex and add the AddType entries for PHP)
[root@localhost php-7.4.8]# vi /usr/local/apache/conf/httpd.conf
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-gzip .tgz
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php4 .php .html .htm .inc
    AddType application/x-httpd-php-source .phps
    AddHandler cgi-script .cgi
    AddHandler type-map var
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
26. Restart the web server
[root@localhost ~]# systemctl restart httpd
27. Verify in a web browser
Install WordPress as a test
1. Create the MySQL database, add a user, and set its privileges
[root@localhost html]# mysql -u root -p mysql
Enter password:
mysql> create database xinet;
Query OK, 1 row affected (0.02 sec)
mysql> CREATE USER 'xinet'@'localhost' IDENTIFIED BY 'Xinet78##';
Query OK, 0 rows affected (0.02 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'xinet'@'localhost';
Query OK, 0 rows affected, 1 warning (0.03 sec)
mysql> GRANT ALL PRIVILEGES ON xinet . * TO 'xinet'@'localhost';
Query OK, 0 rows affected, 1 warning (0.02 sec)
mysql> ALTER USER 'xinet'@'localhost' IDENTIFIED WITH mysql_native_password BY 'Xinet78##';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
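The first GRANT in the session above gives 'xinet'@'localhost' every privilege on every database (ON * . *), which makes the xinet-only GRANT after it redundant; WordPress needs only the second one. The following is an added example, not part of the original post: it flags global grants in SHOW GRANTS output and prints SQL that scopes the account to its own database. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): flag global (*.*) grants in
# SHOW GRANTS output and print SQL that scopes an account to one database.

# find_global_grants: read SHOW GRANTS lines on stdin and print each privilege
# list granted ON *.* (USAGE carries no privileges and is ignored).
# Exit status is 1 when at least one global grant is found.
find_global_grants() {
    awk '
        /^GRANT / {
            on = index($0, " ON ")
            if (on == 0) next                    # e.g. a role grant
            privs = substr($0, 7, on - 7)        # text between "GRANT " and " ON "
            split(substr($0, on + 4), f, " ")    # f[1] is the scope, e.g. *.*
            scope = f[1]
            gsub(/`/, "", scope)
            if (scope == "*.*" && privs != "USAGE") {
                print "global grant: " privs
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }'
}

# scoped_grant_sql USER HOST DB: SQL that removes every existing grant from
# the account, then grants privileges on DB only.
scoped_grant_sql() {
    printf "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '%s'@'%s';\n" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'%s';\n" "$3" "$1" "$2"
}

# Typical use on the server (names taken from the session above):
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'xinet'@'localhost'" | find_global_grants
#   scoped_grant_sql xinet localhost xinet | mysql -u root -p
```
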
2. Download and extract WordPress
[root@localhost ~]# cd /home/ssltest/html/
[root@localhost html]# wget https://ko.wordpress.org/latest-ko_KR.tar.gz
[root@localhost html]# tar xvfz latest-ko_KR.tar.gz
[root@localhost html]# cd wordpress/
[root@localhost wordpress]# cp -a wp-config-sample.php wp-config.php
3. Edit wp-config.php (fetch fresh values from https://api.wordpress.org/secret-key/1.1/salt/ and replace the keys and salts below with them)
[root@localhost wordpress]# vi wp-config.php
/** The name of the database for WordPress */
define( 'DB_NAME', 'xinet' );
/** MySQL database username */
define( 'DB_USER', 'xinet' );
/** MySQL database password */
define( 'DB_PASSWORD', 'Xinet78##' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'u{*oa=25S)D>rZY~To;ILTH{J$|j--Q=Ba~H~yB0Q_N|sWtjp32uQOx4e,w:J_MG');
define('SECURE_AUTH_KEY', 'Cp[gr;,|rVOUOoX7iYv!#N2.6a{$UtQ0=BZZRtlrdHoW191=ETff/|pm2f]ahu)A');
define('LOGGED_IN_KEY', '(~-inP!.Wp5wRVC{/{^zne3MuU~g,=eUd,qVLPWV65iw[PK$.i2+z;i+ZC}P,imI');
define('NONCE_KEY', 't/L]|I-=&r.AWa5JnUhD$X^ $O^wN>jZ?`{2W)]rlz3KJ <}3@^{AEcTFaK7,LSy');
define('AUTH_SALT', 'gcD=*v%aK-XB.< .GGik_8P3!K}:ce/3O4|d6Ff>f1eM/inqnJ|M|v=DB~S{}!W*');
define('SECURE_AUTH_SALT', '-z|O+1|5f(Ad`#k1 IT*sRKd]({Wtcp`%@SnR6>T}fS(xF}[v`u{a9(77$e^`;E&');
define('LOGGED_IN_SALT', '|K{J7rkl&^V4?z&f9..;KkdeagY:,bRX2-|fh~A]DD+ caVp%AX%6.JeG3A5/&74');
define('NONCE_SALT', 'vd#`]E+K/}~YX>Vq4l&4@x]x8^BMKAC>^86{p)N&g84M![_d`,o-8}zG0/]Av=L}');
/**#@-*/
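Step 3 requires each installation to carry its own keys and salts, so values copied from a published page (this one included) must not be reused. The script below is an added example, not part of the original post: it generates the eight values locally instead of fetching them from the secret-key service and rewrites the define() lines in place. The function names and the letters-and-digits alphabet are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): replace the eight keys and
# salts in a wp-config.php with locally generated random values.
WP_SECRET_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# rand64: 64 characters from the kernel CSPRNG. The alphabet is limited to
# letters and digits so that no value needs escaping in sed or inside a
# single-quoted PHP string; 1024 random bytes yield about 250 such characters.
rand64() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 64
}

# rotate_wp_secrets FILE: rewrite every define('<NAME>', '...') line in place.
# Returns 1, leaving FILE untouched, if FILE or any of the constants is missing.
rotate_wp_secrets() {
    cfg=$1
    [ -f "$cfg" ] || { echo "not a file: $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    cp -p "$cfg" "$tmp" || return 1          # -p carries mode and owner over
    for name in $WP_SECRET_NAMES; do
        val=$(rand64)
        if ! grep -q "define([[:space:]]*'$name'" "$tmp" || [ "${#val}" -ne 64 ]; then
            echo "cannot rotate $name" >&2
            rm -f "$tmp" "$tmp.new"
            return 1
        fi
        sed "s|^\([[:space:]]*define([[:space:]]*'$name'[[:space:]]*,[[:space:]]*\)'.*'\([[:space:]]*);\)|\1'$val'\2|" \
            "$tmp" > "$tmp.new" && cat "$tmp.new" > "$tmp" || { rm -f "$tmp" "$tmp.new"; return 1; }
    done
    rm -f "$tmp.new"
    mv "$tmp" "$cfg"
}

# Typical use in the directory from step 2:
#   rotate_wp_secrets /home/ssltest/html/wordpress/wp-config.php
```

Rotating the values invalidates all existing login cookies, as the comment block in wp-config.php notes.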